{"id":222145,"date":"2021-05-12T11:52:45","date_gmt":"2021-05-12T09:52:45","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=222145"},"modified":"2021-05-12T11:52:45","modified_gmt":"2021-05-12T09:52:45","slug":"detection-machine-learning","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/detection-machine-learning\/","title":{"rendered":"Log loss detection and machine learning: a possible use case with AI?"},"content":{"rendered":"

For analysts of a SOC<\/a>, It is of great importance to be able to know at what time A loss of logs is occurring or may have occurred<\/strong>. When SIEMs no longer receive logs from their usual sending hosts, the detection\/correlation rules cannot be properly applied<\/strong>. In this type of scenario, it is therefore likely that there will be a late or even completely absent awareness<\/strong> by analysts if one or more security incidents may have occurred<\/strong>. The same applies if an attacker has managed to take control of a host or a user account to stop all logging processes<\/strong> in such a way that its illegitimate behavior goes unnoticed<\/strong>.<\/p>\n\n\n\n

Artificial intelligence<\/strong> is seen as a very beneficial development for our society, allowing us to predict our needs<\/strong> and so on respond in advance<\/strong>. His ability to understand and analyze a given context can contribute to detect anomalies or unusual behaviors<\/strong> and so, can he strengthen detection <\/strong>What about log loss on hosts? That's what we'll explore in this article, which is divided into five parts:<\/p>\n\n\n\n

  1. Existing calculation methods<\/li>
  2. Applying machine learning in Splunk with MLTK<\/li>
  3. The limitations of detection with MLTK<\/li>
  4. Another, more classic and cognitive approach<\/li>
  5. The advantages and disadvantages<\/li><\/ol>\n\n\n\n

    Existing calculation methods<\/h1>\n\n\n\n

    Considering the very negative impact that log loss can have on the security of a company's systems, it is essential to know how to detect it. To do this, there are... three methods<\/strong> which can be used to solve this problem.<\/p>\n\n\n\n

    First method: fixed threshold<\/h2>\n\n\n\n

    This method consists of estimating and defining a fixed maximum time threshold for non-receipt of newspapers<\/strong> globally or for each host. As soon as an entry exceeds the threshold, the alert is triggered.<\/strong>.<\/p>\n\n\n\n

    This approach can be effective, but the thresholds may not be precisely suited to the variation in the appearance of host logs during certain periods<\/strong>, and, consequently, Too high a tolerance may be applied, or vice versa.<\/strong>. This is an approach that ultimately requires analysis by analysts; therefore, it is not not as efficient and reliable<\/strong> because it can trigger a large number of false alarms or ignored log losses<\/strong> where there shouldn't be any.<\/p>\n\n\n\n

    \"\"<\/figure><\/div>\n\n\n\n

    Second method: standard deviation<\/h2>\n\n\n\n

    The standard deviation method, which consists of calculate the variation in the appearance of newspapers around the historical average<\/strong> to define more precise automated thresholds.<\/strong> It can be applied globally or for each host.<\/p>\n\n\n\n

    \"\"<\/figure><\/div>\n\n\n\n

    Although it may seem limit the problems arising from the first method<\/strong> as previously stated, a effective limitation<\/strong> can occur when there is a trend or seasonality<\/strong> about the disappearance of a host's journals. The historical average<\/strong> will not accurately represent the actual average<\/strong> for a given period and, consequently, the calculated thresholds may not correctly detect a possible log loss<\/strong>.<\/p>\n\n\n\n

    Third method: the standard deviation error<\/h2>\n\n\n\n

    The standard deviation error method which is similar to the previous one<\/strong> but which aims, for its part, to calculate the forecast error<\/strong> allowing\u2019obtain an average error<\/strong>. This allows us to know several standard deviations for the definition of several thresholds specific to several periods for each host.<\/p>\n\n\n\n

    \"\"<\/figure><\/div>\n\n\n\n

    This detection method smarter<\/strong> analyzes the forecast error variance instead of simply monitoring the appearance of newspapers around the historical average, and thus allows for detect threshold breaches much more precisely and bring them back to a more plausible value<\/strong>. Therefore, this method is the more suitable<\/strong> to address the problem of log loss detection and perhaps directly used and adapted<\/strong> thanks to the\u2019Splunk MLTK application<\/strong>.<\/p>\n\n\n\n

    Applying machine learning in Splunk with MLTK<\/h1>\n\n\n\n

    What is MLTK?<\/h2>\n\n\n\n

    Machine Learning Toolkit<\/strong> is an application free<\/strong> which is installed on the Splunk platform allowing...\u2019extend its functionality and provide a guided machine learning modeling environment<\/strong> with :<\/p>\n\n\n\n

    • A shop window offering a machine learning toolkit<\/strong>. This one contains ready-to-use examples with real-world datasets<\/strong> to quickly and easily understand the how methods and algorithms work<\/strong> made available.<\/li>
    • A experimentation assistant<\/strong> to design their own models in a guided manner and test them.<\/li>
    • An SPL search tab incorporating MLTK-specific commands<\/strong> allowing users to test and adapt their own models.<\/li>
    • 43 algorithms available and usable<\/strong> directly from the application and also a Python library<\/strong> containing several hundred open source algorithms<\/strong> for open-access numerical computing.<\/li><\/ul>\n\n\n\n

      MLTK therefore makes it possible to meet various objectives such as:<\/p>\n\n\n\n

      • Predicting numerical fields (linear regression)<\/li>
      • Predicting categorical fields (logistic regression)<\/li>
      • Detecting outliers in numerical values (distribution statistics)<\/li>
      • Detecting categorical outliers (probabilistic measures)<\/li>
      • Time series forecasting<\/li>
      • Grouping digital events<\/li><\/ul>\n\n\n\n
        \"\"<\/figure><\/div>\n\n\n\n

        Of the objectives mentioned above that MLTK can satisfy, only one machine learning model can address log loss detection using the standard deviation error method: outlier detection<\/strong>.<\/p>\n\n\n\n

        Outlier detection for missing hosts<\/h2>\n\n\n\n

        Outlier detection is identifying data that deviates from a dataset<\/strong>. To obtain the data in this use case, simply note the time difference between each log<\/strong> emitted by the host and of clean up null values<\/strong> which can skew the results. Then, regarding the application of the model, The standard deviation error is calculated for each data point to detect outliers.<\/strong>.<\/p>\n\n\n\n

        Here is an example of a log loss forecasting model in MLTK for a single host. aberrant values<\/strong> (yellow dots<\/strong>) are the data points that are located outside the aberration envelope<\/strong> (light blue area<\/strong>). The value on the right side of the graph (14<\/strong>) indicates the total number of outliers<\/strong> :<\/p>\n\n\n\n

        \"\"<\/figure><\/div>\n\n\n\n

        We note that the\u2019envelope of aberration<\/strong> or the calculated thresholds follow the general shape of the curve quite well<\/strong> but what\u2019A number of outliers were nevertheless reported.<\/strong>.<\/p>\n\n\n\n

        The limitations of detection with MLTK<\/h1>\n\n\n\n

        Even though this method allows take into account the seasonality of newspaper losses<\/strong>, However, she still asks for a a certain regularity<\/strong>. Some hosts may emit very irregularly during any period<\/strong> and so create false, aberrant values<\/strong> in datasets. <\/p>\n\n\n\n

        For example, this is the case for this host which, over a period of 2 to 30 days, will retain a coefficient of variation<\/strong> high. This coefficient corresponds to the relative measure of the dispersion of data around the mean<\/strong> It is equal to ratio of standard deviation to mean<\/strong>. The higher the value of coefficient of variation is high<\/strong>, the greater the dispersion around the mean<\/strong>. However, below, the coefficients of variation are greater than 1.5, meaning that the standard deviation is more than 1.5 times the mean. We consider that\u2019A standard deviation begins to be high when it represents half of the mean.<\/strong>, Therefore, it is relatively high in this example:<\/p>\n\n\n\n

        Periods<\/td>2 days<\/td>7 days<\/td>14 days<\/td>21 days<\/td>30 days<\/td><\/tr>
        Total frequency<\/td>144<\/td>404<\/td>902<\/td>1338<\/td>1921<\/td><\/tr>
        Total population<\/td>258591<\/td>688776<\/td>1295373<\/td>1900168<\/td>2653629<\/td><\/tr>
        Median<\/td>600<\/td>600<\/td>600<\/td>600<\/td>600<\/td><\/tr>
        Average<\/td>1795.77<\/td>1708.09<\/td>1436.11<\/td>1420.16<\/td>1381.38<\/td><\/tr>
        Minimum value<\/td>598<\/td>580<\/td>559<\/td>559<\/td>559<\/td><\/tr>
        Maximum value<\/td>28799<\/td>28799<\/td>31199<\/td>37204<\/td>37204<\/td><\/tr>
        Standard deviation<\/td>3301<\/td>2869<\/td>2416<\/td>2446<\/td>2304<\/td><\/tr>
        Coefficient of variation<\/td>1.84<\/td>1.68<\/td>1.68<\/td>1.72<\/td>1.67<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        The same applies if we focus on specific days of the week over a 30-day period:<\/p>\n\n\n\n

        Periods<\/td>Monday<\/td>Tuesday<\/td>Wednesday<\/td>THURSDAY<\/td>Friday<\/td>SATURDAY<\/td>Sunday<\/td><\/tr>
        Total frequency<\/td>403<\/td>403<\/td>356<\/td>328<\/td>268<\/td>90<\/td>73<\/td><\/tr>
        Total population<\/td>431224<\/td>407397<\/td>344989<\/td>346248<\/td>390887<\/td>383993<\/td>386387<\/td><\/tr>
        Median<\/td>600<\/td>600<\/td>600<\/td>600<\/td>601<\/td>2104.5<\/td>3000<\/td><\/tr>
        Average<\/td>1070.03<\/td>1010.91<\/td>969.07<\/td>1055.63<\/td>1318.62<\/td>4266.59<\/td>5292.97<\/td><\/tr>
        Minimum value<\/td>595<\/td>559<\/td>580<\/td>592<\/td>594<\/td>590<\/td>598<\/td><\/tr>
        Maximum value<\/td>7200<\/td>7200<\/td>8400<\/td>10800<\/td>8399<\/td>37204<\/td>31199<\/td><\/tr>
        Standard deviation<\/td>988<\/td>835<\/td>794<\/td>1056<\/td>1379<\/td>5771<\/td>6871<\/td><\/tr>
        Coefficient of variation<\/td>0.92<\/td>0.83<\/td>0.82<\/td>1.00<\/td>1.05<\/td>1.35<\/td>1.30<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        Furthermore, for the entries that are very verbose<\/strong>, a Performance demands on the SIEM side are also important<\/strong> during the various calculations because of a too many newspapers<\/strong>. It is then necessary to reduce the learning period<\/strong> of the model thus impacting the reliability of the calculated thresholds<\/strong>, because, plus one the learning period is long<\/strong>, plus it allows you to\u2019store data<\/strong> and therefore predicting better thresholds<\/strong>.<\/p>\n\n\n\n

        Finally, he is very difficult using this solution<\/strong> power apply this model to a set of hosts<\/strong>. Each entry emits logs in its own way<\/strong> and so it is It is mandatory to adjust the calculations for each input for this model to work correctly.<\/strong>. This case-by-case adaptation work can represent a This represents a considerable workload if several hundred or even thousands of hosts need to be monitored.<\/strong>.<\/p>\n\n\n\n

        Another, more classic and cognitive approach<\/h1>\n\n\n\n

        Observing that the cognitive solution can detect threshold breaches much more precisely and at more plausible values, it is not no less restrictive<\/strong>. Indeed, this requires a a certain regularity in the data<\/strong>, a fairly long learning period<\/strong> and so significant computing power<\/strong> and of\u2019refine the calculations on a case-by-case basis<\/strong>.<\/p>\n\n\n\n

        To overcome these various constraints, a another more traditional approach<\/strong> and based on the\u2019idea for a cognitive solution<\/strong> was conceived and designed for general application across a set of hosts.<\/p>\n\n\n\n

        It consists, firstly, of relying on the event counting<\/strong> rather than calculating the time difference between each event. This parameter change is very important because even if the data type is no longer the same, the computing power required is much less<\/strong> and thus allows one to have a longer learning period<\/strong>.<\/p>\n\n\n\n

        This model then performs statistics<\/strong> to apply a threshold for each host based on their level of verbosity over several time slots<\/strong>. Of the coefficients<\/strong> are subsequently applied to these thresholds depending on the variation in values<\/strong> which could be measured in the past for the purpose of\u2019refine and obtain a precise threshold for each host at a specific time<\/strong>. Even if this way of calculating thresholds can be considered as more arbitrary<\/strong>, she is not no less precise<\/strong> that the method is based on machine learning. It also allows, in addition, to to maintain control over tolerance<\/strong> losses of newspapers and\u2019refine the thresholds on a case-by-case basis across a set of hosts<\/strong>.
        <\/p>\n\n\n\n

        The advantages and disadvantages<\/h1>\n\n\n\n

        All common systems generate event logs, whose volume varies over time<\/strong> (particularly depending on their activity) which in fact creates a certain variability<\/strong>. <\/strong>Therefore, there is no no completely reliable method<\/strong> to detect log loss. Regardless of the nature of this variance, many external factors<\/strong> can occur and therefore seriously impair reliability<\/strong> of the method used. Newspaper losses often result from external events, such as a collection agent malfunction<\/strong> or of the\u2019transmission API<\/strong>, of the machine decommissioning or restarts<\/strong> which may be due to infrastructure, system or software constraints making log collection temporarily impossible.<\/p>\n\n\n\n

        Even though machine learning is getting a lot of attention right now and could have been a good area for improvement in addressing this problem, the way it's presented often suggests that it is capable of responding to any problem<\/strong> as long as\u2019a context has been clearly defined<\/strong> and that there the presence of data<\/strong>. However, this is obviously not the case. Although machine learning allows us to\u2019increase detection rates<\/strong>, of detect attacks as early as possible<\/strong> and of\u2019improve the ability to adapt to changes<\/strong>, Machines are constantly learning<\/strong>.<\/p>\n\n\n\n

        In most cases, machine learning is a skillful combination of technology and human intervention<\/strong>. That is why, The most traditional approach best suits the context of this use case.<\/strong>. Indeed, whether with MLTK or another machine learning solution, it is difficult to predict the data<\/strong> and to obtain acceptable confidence thresholds for each host<\/strong> because of the great variability<\/strong> which remains between them.<\/p>","protected":false},"excerpt":{"rendered":"

        For SOC analysts, it is of paramount importance to be able to know [\u2026]<\/p>","protected":false},"author":36,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-222145","post","type-post","status-publish","format-standard","hentry","category-soc-securite-operationnelle"],"yoast_head":"\nD\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?<\/title>\n<meta name=\"description\" content=\"L\u2019intelligence artificielle est per\u00e7ue comme une avanc\u00e9e tr\u00e8s profitable \u00e0 notre soci\u00e9t\u00e9, permettant de pr\u00e9dire nos besoins et ainsi d\u2019y r\u00e9pondre avec anticipation. Sa capacit\u00e9 \u00e0 comprendre et analyser un contexte donn\u00e9 peut contribuer \u00e0 d\u00e9tecter des anomalies ou des comportements inhabituels et ainsi, peut-il renforcer la d\u00e9tection pour le cas des pertes de journaux sur les h\u00f4tes ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/detection-machine-learning\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?\" \/>\n<meta property=\"og:description\" content=\"L\u2019intelligence artificielle est per\u00e7ue comme une avanc\u00e9e tr\u00e8s profitable \u00e0 notre soci\u00e9t\u00e9, permettant de pr\u00e9dire nos besoins et ainsi d\u2019y r\u00e9pondre avec anticipation. Sa capacit\u00e9 \u00e0 comprendre et analyser un contexte donn\u00e9 peut contribuer \u00e0 d\u00e9tecter des anomalies ou des comportements inhabituels et ainsi, peut-il renforcer la d\u00e9tection pour le cas des pertes de journaux sur les h\u00f4tes ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/detection-machine-learning\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-12T09:52:45+00:00\" \/>\n<meta name=\"author\" content=\"Tristan Pigeon\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tristan Pigeon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/\"},\"author\":{\"name\":\"Tristan Pigeon\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f40051481d9f9edccc9bf8ac004ca187\"},\"headline\":\"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?\",\"datePublished\":\"2021-05-12T09:52:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/\"},\"wordCount\":2356,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/1.png\",\"articleSection\":[\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/\",\"name\":\"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/1.png\",\"datePublished\":\"2021-05-12T09:52:45+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f40051481d9f9edccc9bf8ac004ca187\"},\"description\":\"L\u2019intelligence artificielle est per\u00e7ue comme une avanc\u00e9e tr\u00e8s profitable \u00e0 notre soci\u00e9t\u00e9, permettant de pr\u00e9dire nos besoins et ainsi d\u2019y r\u00e9pondre avec anticipation. Sa capacit\u00e9 \u00e0 comprendre et analyser un contexte donn\u00e9 peut contribuer \u00e0 d\u00e9tecter des anomalies ou des comportements inhabituels et ainsi, peut-il renforcer la d\u00e9tection pour le cas des pertes de journaux sur les h\u00f4tes ?\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/1.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/detection-machine-learning\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f40051481d9f9edccc9bf8ac004ca187\",\"name\":\"Tristan Pigeon\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"caption\":\"Tristan Pigeon\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/tristan-pigeon\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Log loss detection and machine learning: a possible use case with AI?","description":"Artificial intelligence is seen as a highly beneficial advancement for our society, enabling us to predict our needs and thus respond to them proactively. Its ability to understand and analyze a given context can help detect anomalies or unusual behaviors, and therefore, can it enhance detection in cases of log loss on hosts?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/detection-machine-learning\/","og_locale":"en_US","og_type":"article","og_title":"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?","og_description":"L\u2019intelligence artificielle est per\u00e7ue comme une avanc\u00e9e tr\u00e8s profitable \u00e0 notre soci\u00e9t\u00e9, permettant de pr\u00e9dire nos besoins et ainsi d\u2019y r\u00e9pondre avec anticipation. Sa capacit\u00e9 \u00e0 comprendre et analyser un contexte donn\u00e9 peut contribuer \u00e0 d\u00e9tecter des anomalies ou des comportements inhabituels et ainsi, peut-il renforcer la d\u00e9tection pour le cas des pertes de journaux sur les h\u00f4tes ?","og_url":"https:\/\/www.intrinsec.com\/en\/detection-machine-learning\/","og_site_name":"INTRINSEC","article_published_time":"2021-05-12T09:52:45+00:00","author":"Tristan Pigeon","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tristan Pigeon","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/"},"author":{"name":"Tristan Pigeon","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f40051481d9f9edccc9bf8ac004ca187"},"headline":"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?","datePublished":"2021-05-12T09:52:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/"},"wordCount":2356,"image":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2021\/05\/1.png","articleSection":["SOC S\u00e9curit\u00e9 Op\u00e9rationnelle"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/","url":"https:\/\/www.intrinsec.com\/detection-machine-learning\/","name":"Log loss detection and machine learning: a possible use case with AI?","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2021\/05\/1.png","datePublished":"2021-05-12T09:52:45+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f40051481d9f9edccc9bf8ac004ca187"},"description":"Artificial intelligence is seen as a highly beneficial advancement for our society, enabling us to predict our needs and thus respond to them proactively. Its ability to understand and analyze a given context can help detect anomalies or unusual behaviors, and therefore, can it enhance detection in cases of log loss on hosts?","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/detection-machine-learning\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2021\/05\/1.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2021\/05\/1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/detection-machine-learning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"D\u00e9tection des pertes de journaux et machine learning : un cas d\u2019usage possible avec l\u2019IA ?"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f40051481d9f9edccc9bf8ac004ca187","name":"Tristan Pigeon","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","caption":"Tristan Pigeon"},"url":"https:\/\/www.intrinsec.com\/en\/author\/tristan-pigeon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/222145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=222145"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/222145\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=222145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=222145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=222145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}